<?php
session_start();

 include('databaseconnection.php');
 //include ('header2.php');
$password=$_SESSION['password'];
$email=$_SESSION['email'];
//echo $password;
$oldpass=$_POST['oldpassword'];
//echo $oldpass;
$newpass=$_POST['newpassword'];
$md5newpass=md5($newpass);
$confirmpass=$_POST['confirmpass'];
if($oldpass=="" || $newpass=="" || $confirmpass=="")
{
header("Location:change_password.php?errp=Please enter all fields!");
}
else
{
	if($password==$oldpass)
	{
		if(strlen($newpass)<=5)
			{
				header("Location:change_password.php?errp=Password must have six character!");
			}
			else
			{
				if($newpass==$confirmpass)
				{
				mysql_query("UPDATE user SET password = '$md5newpass'
WHERE email = '$email'");
header("Location:change_password.php?errp=Your Password is changed........");
				}
				else
				{
				header("Location:change_password.php?errp=Please Confirm password!");
				}
			}
	}
	else
	{
	header("Location:change_password.php?errp=Incorrect old password!");
	}
}

?>
